Updates to RSA-PSS salt lengths

In our new release of wolfSSL 4.3.0 we have added updates to RSA-PSS salt lengths. The macro WOLFSSL_PSS_SALT_LEN_DISCOVER value into wc_RsaPSS_Verify_ex() attempts to discover salt length and can use larger salt lengths.

RSA-PSS is a probabilistic signature scheme (PSS) with appendix. A signature scheme with appendix requires the message itself to verify the signature (i.e. the message is not recoverable from the signature). RSA-PSS is an adaptation of their work and is standardized as part of PKCS#1 v2.1. In general, RSA-PSS should be used as a replacement for RSA-PKCS#1 v1.5.

RSA-PSS parameters

  • hash algorithm/function. The default is SHA-1.
  • mask generation function (MGF). Currently always MGF1.
  • salt length. The default value is 20 but the convention is to use hLen, the length of the output of the hash function in bytes. A salt length of zero is permitted and will result in a deterministic signature value. The actual salt length used can be determined from the signature value.
  • trailer field, used in the encoding operation. The default trailer field is the byte 0xbc. There are no options to change this value.

The default parameters for RSA-PSS are:

hashAlgorithm      sha1,
maskGenAlgorithm   mgf1SHA1 (the function MGF1 with SHA-1)
saltLength         20,
trailerField       trailerFieldBC (the byte 0xbc)

It is recommended that the MGF hash function be the same as the scheme hash algorithm/function, and that the salt length be hLen, the length of the output of the hash function.

For more information on RSA-PSS visit https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html

For more information on wolfSSL updates, TLS 1.3, OCSP, FIPS 140-2, or for any additional questions, contact facts@wolfssl.com or support@wolfssl.com!

We love you.

Team wolfSSL

Check out our Webinar on TLS 1.3, OpenSSL COMPARISON!

wolfSSL: TLS 1.3, OpenSSL comparison

wolfSSL’s open-source SSL/TLS library is constantly updated to maintain a mature code base and adapts quickly to any standard changes. One recent change is the release of TLS 1.3 (successor of TLS 1.2 which was out for 10 years).

What is new in TLS 1.3?
TLS 1.3 brought forth numerous improvements including faster handshake times, full session encryption and new cipher suites. There are faster handshake times as there is only one RTT instead of two which enables clients to send data immediately after the first reply from the server. Full session encryption is also achieved through the use of a variety of encryption algorithms to secure data. In addition, new cipher suites considered to be stronger also come with TLS 1.3.

How are we different from OpenSSL?
There are several key differentiators between wolfSSL and OpenSSL. These include the following:

  • Build size (up to 20x smaller than OpenSSL)
  • Standards support: up to date on most recent standards
  • Hardware acceleration
  • Team of security experts
  • Ease of Use designed for developers
  • Portability: a long list of supported platforms
  • Dual license: GPLv2 or Commercial
  • 24/7 Support

To watch all the wolfSSL webinars, check out our YouTube channel:

To read more about the differences between TLS 1.2 and TLS 1.3 visit:

Questions? Contact us facts@wolfSSL.com

wolfMQTT Client Supports Secure AWS

The wolfMQTT client library has an Amazon Web Services example that demonstrates securely connecting over TLS provided by the wolfSSL embedded SSL/TLS library.

We setup an AWS IoT endpoint and testing device certificate. The AWS server uses a TLS client certificate for authentication. The example is located in `/examples/aws/`.  It subscribes to `$aws/things/”AWSIOT_DEVICE_ID”/shadow/update/delta` and publishes to `$aws/things/”AWSIOT_DEVICE_ID”/shadow/update`.

Everyone deserves to have their IoT data secure, and wolfSSL provides the best libraries to accomplish that! wolfSSL supports up to TLS 1.3, FIPS 140-2, expansive support for hardware cryptography, and more!  Secure-IoT-Love from the wolfSSL team!

You can download the latest release here: https://www.wolfssl.com/download/

Or clone directly from our GitHub repository.

Don’t forget to add a star while you’re there!  Contact us at facts@wolfssl.com with any questions or comments.

wolfSSL Conforms to MISRA-C:2012 Guidelines

The team at wolfSSL has taken the core functionality of the wolfSSL embedded SSL/TLS library to the next level and implemented changes to conform to the Required and Mandatory rules from the MISRA-C:2012 Guidelines.

Currently a subset of the wolfCrypt files are checked (sha256.c, aes.c (CBC/GCM), rsa.c, random.c, sp_c64.c), let us know if your project requires other files and we can target them while expanding coverage.

For questions contact us at facts@wolfssl.com. Critical safety love to all from wolfSSL!  wolfSSL also supports TLS 1.3, FIPS 140-2, and more!

Posts navigation

1 2 3